Other uses

Ofcourse, restoring access to servers which had their clandestine entry methods
removed isn't the only useful way my reverse engineering efforts can be used for.
It can also be used for defensive purposes.

For example, you could make an un-clonable hard disk: the hard disk would act
normal if the access pattern for the sectors was somewhat random, like a normal OS
would access a filesystem. If the disk was accessed only sequentially, like a
disk cloning utility would do, the hard disk could mangle the data, making the clone
different from the original.

The disk controller is also interesting as a generic controller board. You have
three fairly capable CPU cores, with a pretty big amount of RAM connected to it.
There's also an uart, for the serial port, and at least two SPI interfaces; one
to the flash rom and one to the spindle controllers. You can load the code for
the processor by updating an external flash chip, or even by using the serial port
in the bootloader. To demonstrate the power of the chip, I ported a fairly
ubiquitous bit of software to my HD. The demo is a proof-of-concept only, the
serial port is the only peripherial that works, and no userspace is available yet.
Nevertheless, I am still a bit proud to say I have installed Linux on my hard disk.
On top, a standard command line (the HD is mounted under /mnt), on the bottom the
output of my work on the serial port of the hard disk:

A bit more explanation about what happens here: the kernel and init
are both packed in pieces with the size of exactly one sector, with
a magic string and order number prepended. By reading the file from
the disk, it will end up in the cache of the disk. The write of the
magic string 'HD, lnx!' finally triggers the modified firmware to
search the cache for all the sectors, re-assemble the kernel image
and boots it. The kernel is built for a MMU-less CPU (the disk
controller doesn't have one) and only has a driver for the serial
port. A MMU-less kernel unfortunately needs a specially formatted
bit of userspace too. I couldn't get this to compile, so the kernel
finally panics because it can't find an init it can execute.